47:
328:
177:
Between May and
December 2015, the Microsoft Malware Protection Center detected Dorkbot on an average of 100,000 infected machines each month.
145:
Collect login information and passwords through form grabbing, FTP, POP3, or
Internet Explorer and Firefox cached login details; or
342:
194:
367:
231:
130:
Dorkbot’s backdoor functionality allows a remote attacker to exploit infected systems. According to an analysis by
162:
115:
135:
65:
241:
343:"FBI, Microsoft and Computer Emergency Response Team Polska Takes Down Global DorkBot Malware Botnet"
185:
On
December 7, 2015, the FBI and Microsoft in a joint task force took down the Dorkbot Botnet.
226:
91:
61:
362:
314:
271:
303:. National Cyber Awareness System:, U.S. Department of Homeland Security. December 3, 2015.
166:
119:
95:
35:
17:
356:
236:
87:
103:
56:
300:
131:
158:
111:
110:. It originated in 2015 and infected systems were variously used to send
107:
251:
246:
214:
99:
84:
31:
148:
Block or redirect certain domains and websites (e.g., security sites).
329:"Microsoft assists law enforcement to help disrupt Dorkbot botnets"
207:
Keep your operating system and application software up-to-date
197:
advised the following action to remediate
Dorkbot infections:
40:
27:
Family of malware worms that spreads through instant messaging
331:. Microsoft Malware Protection Center. December 3, 2015.
157:A system infected with Dorkbot may be used to send
169:for online services, including banking services.
272:"Worm:W32/Dorkbot.A Description | F-Secure Labs"
142:Download and run a file from a specified URL;
8:
295:
293:
291:
317:. Check Point Research. February 4, 2018.
263:
7:
201:Use and maintain anti-virus software
195:U.S. Department of Homeland Security
138:, a remote attacker may be able to:
345:. Geek Inspector. December 7, 2015.
315:"dorkbot-an-investigation: Dorkbot"
25:
45:
1:
232:Code Shikara (Computer worm)
30:Not to be confused with the
54:It has been suggested that
384:
29:
71:Proposed since June 2024.
18:Backdoor.IRCBot.Dorkbot
210:Use anti-malware tools
242:HackTool.Win32.HackAV
204:Change your passwords
90:that spreads through
301:"TA15-337A: Dorkbot"
136:Check Point Research
64:into this article. (
368:Exploit-based worms
167:users' credentials
120:users' credentials
227:Alert (TA15-337A)
161:, participate in
114:, participate in
92:instant messaging
78:
77:
73:
16:(Redirected from
375:
347:
346:
339:
333:
332:
325:
319:
318:
311:
305:
304:
297:
286:
285:
283:
282:
276:www.f-secure.com
268:
69:
49:
48:
41:
21:
383:
382:
378:
377:
376:
374:
373:
372:
353:
352:
351:
350:
341:
340:
336:
327:
326:
322:
313:
312:
308:
299:
298:
289:
280:
278:
270:
269:
265:
260:
223:
191:
183:
175:
155:
128:
83:is a family of
74:
50:
46:
39:
28:
23:
22:
15:
12:
11:
5:
381:
379:
371:
370:
365:
355:
354:
349:
348:
334:
320:
306:
287:
262:
261:
259:
256:
255:
254:
249:
244:
239:
234:
229:
222:
219:
218:
217:
211:
208:
205:
202:
190:
187:
182:
179:
174:
171:
154:
151:
150:
149:
146:
143:
127:
124:
106:channels like
76:
75:
53:
51:
44:
38:organizations.
36:electronic art
26:
24:
14:
13:
10:
9:
6:
4:
3:
2:
380:
369:
366:
364:
361:
360:
358:
344:
338:
335:
330:
324:
321:
316:
310:
307:
302:
296:
294:
292:
288:
277:
273:
267:
264:
257:
253:
250:
248:
245:
243:
240:
238:
237:Computer worm
235:
233:
230:
228:
225:
224:
220:
216:
212:
209:
206:
203:
200:
199:
198:
196:
193:In 2015, the
188:
186:
180:
178:
172:
170:
168:
165:, or harvest
164:
160:
152:
147:
144:
141:
140:
139:
137:
133:
126:Functionality
125:
123:
121:
118:, or harvest
117:
113:
109:
105:
101:
97:
93:
89:
86:
82:
72:
67:
63:
59:
58:
52:
43:
42:
37:
33:
19:
337:
323:
309:
279:. Retrieved
275:
266:
192:
184:
176:
163:DDoS attacks
156:
129:
116:DDoS attacks
104:social media
80:
79:
70:
57:Code Shikara
55:
189:Remediation
357:Categories
281:2021-11-21
258:References
173:Prevalence
96:USB drives
132:Microsoft
34:group of
221:See also
213:Disable
108:Facebook
100:websites
363:Botnets
252:US-CERT
247:Malware
215:AutoRun
181:History
85:malware
81:Dorkbot
66:Discuss
32:Dorkbot
153:Impact
62:merged
88:worms
159:spam
134:and
112:spam
102:or
60:be
359::
290:^
274:.
122:.
98:,
94:,
284:.
68:)
20:)
Text is available under the Creative Commons Attribution-ShareAlike License. Additional terms may apply.